Hi Gary,
It is odd because you have ":block_connections_on_unverified (false)" which
should allow computers with failed SCVchecks to continue to connect. The
topology update issue is a valid one. I have mine set for an hour just so I
can make local.scv changes and have them propogated no more than an hour
later. Search your laptop for the local copy of "local.scv" and see if it
matches the one you put on the management station.
Here's an appropriately sanitized local.scv file. The checks are that the
Norton/Symantec "rtvscan.exe" anti-virus process is running (or that any
program named "rtvscan.exe" is running) and that the screen saver is set,
password-protected and not set longer than 15 minutes.
Ray
(SCVObject
:SCVNames (
: (user_policy_scv
:type (plugin)
:parameters (
:dont_enforce_while_connecting (true)
)
)
: (BrowserMonitor
:type (plugin)
:parameters (
:browser_major_version (5)
:browser_minor_version (5)
:browser_version_operand (">=")
:browser_version_mismatchmassage ("A newer Internet
Explorer version is
required. Please contact the Corporate Help Desk at xxx-xxx-xxxx.")
:intranet_download_signed_activex (disable)
:intranet_run_activex (disable)
:intranet_download_files (disable)
:intranet_jave_permissions (disable)
:trusted_download_signed_activex (disable)
:trusted_run_activex (disable)
:trusted_download_files (disable)
:trusted_jave_permissions (disable)
:internet_download_signed_activex (disable)
:internet_run_activex (disable)
:internet_download_files (disable)
:intranet_jave_permissions (disable)
:restricted_download_signed_activex (disable)
:restricted_run_activex (disable)
:restricted_download_files (disable)
:restricted_jave_permissions (disable)
:securely_configured_no_active_user (false)
:send_log (alert)
:internet_options_mismatch_message ("Your Internet
browser configuration
does not match the organization policy. Proceed as follows:\n1. In the
browser, go to Tools > Internet Options > Security.\n2. For each Web content
zone select custom level security and disable the following items: DownLoad
signed ActiveX, Run Activex Controls, Download Files and Java Permissions.")
)
)
: (OsMonitor
:type (plugin)
:parameters (
:os_version_mismatchmessage ("A newer operating system
version is
required. Upgrade your operating system.")
:enforce_screen_saver_minutes_to_activate (15)
:screen_saver_mismatchmessage ("This computer's screen
saver
configuration does not match our Remote Access policy. It has been
automatically blocked from connecting to our network using Remote Access
until the screen saver is reconfigured.\n\n If you need to disable the
screen saver for a presentation, you can do so as long as you are not using
Remote Access at the same time.\n\n In order to restore your Remote Access
capability, please set your screen saver as follows:\n\n1. If you are dialed
in, disconnect now.\n\n2. Click Start, Settings, Control Panel. Double click
the Display icon and select the Screen Saver tab. Pick a screen saver if it
is currently set to (None). The Employee News Network screen saver is
required by company policy if it is available.\n\n3. Under Wait choose 15
minutes and check Password Protection.\n\n4. Click OK")
:send_log (log)
:major_os_version_number_9x (4)
:minor_os_version_number_9x (10)
:os_version_operand_9x (">=")
:service_pack_major_version_number_9x (0)
:service_pack_minor_version_number_9x (0)
:service_pack_version_operand_9x (">=")
:major_os_version_number_nt (4)
:minor_os_version_number_nt (0)
:service_pack_major_version_number_nt (5)
:service_pack_minor_version_number_nt (0)
:service_pack_version_operand_nt (">=")
:major_os_version_number_2k (5)
:minor_os_version_number_2k (0)
:os_version_operand_2k ("==")
:service_pack_major_version_number_2k (0)
:service_pack_minor_version_number_2k (0)
:service_pack_version_operand_2k (">=")
:major_os_version_number_xp (5)
:minor_os_version_number_xp (1)
:os_version_operand_xp ("==")
:service_pack_major_version_number_xp (0)
:service_pack_minor_version_number_xp (0)
:service_pack_version_operand_xp (">=")
:screen_saver_securely_configured_on_no_active_user
(false)
)
)
: (ProcessMonitor
:type (plugin)
:parameters (
:rtvscan.exe (true)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Your anti-virus system may be
malfunctioning or it
may be just a bit slow to start up. If you can see the 'gold shield' near
the time, please ignore this message. If you cannot see the shield or it is
covered by a red circle-and-slash or has an exclamation point in a circle on
top of it, please call the Corporate Help Desk at xxx-xxx-xxxx
immediately.")
:end (admin)
)
)
: (groupmonitor
:type (plugin)
:parameters (
:begin_or (or1)
:begin_and (1)
:"builtin\administrator" (false)
:"BUILTIN\Users" (true)
:end (1)
:begin_and (2)
:"builtin\administrator" (true)
:"BUILTIN\Users" (false)
:end (and2)
:end (or1)
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("You are using SecureClient with a
non-authorized
user.\nMake sure you are logged on as an authorized user.")
:securely_configured_no_active_user (false)
:end (admin)
)
)
: (HotFixMonitor
:type (plugin)
:parameters (
:begin_or ()
:11111 (false)
:22222 (true)
:end ()
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("The organization policy requires
that you have a
SecureClient with either Q147222 or Q246009 security patches installed.
Install either of them.")
:end (admin)
)
)
: (sc_ver_scv
:type (plugin)
:parameters (
:Default_SecureClientBuildNumber (52032)
:Default_EnforceBuildOperand ("==")
:MismatchMessage ("You are not running the latest
version of
SecureClient. Upgrade your SecureClient.")
:EnforceBuild_9X_Operand (">=")
:SecureClient_9X_BuildNumber (52030)
:EnforceBuild_NT_Operand ("==")
:SecureClient_NT_BuildNumber (52032)
:EnforceBuild_2K_Operand (">=")
:SecureClient_2K_BuildNumber (52032)
:EnforceBuild_XP_Operand (">=")
:SecureClient_XP_BuildNumber (52032)
)
)
)
:SCVPolicy (
: (user_policy_scv)
: (OsMonitor)
: (ProcessMonitor)
)
:SCVGlobalParams (
:block_connections_on_unverified (true)
:scv_policy_timeout_hours (24)
:enforce_ip_forwarding (true)
)
)
_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
